TBA password reminder not secure?

Easy Tiger

Easy Tiger

Active Member
Last month I went online to the TBA website to renew my membership. I couldn't remember my account details, so I selected the password reminder and entered my corresponding email address for the details to be sent to my inbox.

What I got was another person's name, username and password. In their interests I won't divulge whose details it was that I received.

I emailed TBA immediately with the details to let them know but have not had any form of response whatsoever.

Just going to put it out there that perhaps TBA's online system is not as secure as it should be. I also think it is poor that I have not received any response to my email which was sent on 13/1/2012, almost a month ago.
 
As far as doing any financial transactions on the TBA webiste, that part is totally secure. Any website that takes financial transactions, has to use a certain level of encryption, through a secured server... That is a totally different thing to your issue above though...

What you've described above, should be something that the TBA should be greatly concerned about. If you are requesting your password details because you've forgotten them, and then received someone else's username & password, then that is not good at all... If people with certain skills found out about that, there is the potential for them to steal the online identities of all members.....
 
TBA have now been in contact so I am sure this will be rectified immediately if not already.

Thanks TBA for making contact so quickly once becoming aware through my post.
 
if you know a bowlers surname and their TBA number you can find their login and password easily. (knowing which association as well would help, but you could just go through all associations if you really want to)
 
auenf said:
if you know a bowlers surname and their TBA number you can find their login and password easily. (knowing which association as well would help, but you could just go through all associations if you really want to)
Click to expand...

Whats the big deal
What can you do with someone username and password
"Pay there santion fees for them????"
 
amagill said:
nev25 said:
auenf said:
if you know a bowlers surname and their TBA number you can find their login and password easily. (knowing which association as well would help, but you could just go through all associations if you really want to)
Click to expand...
Whats the big deal
What can you do with someone username and password
"Pay there santion fees for them????"
Click to expand...
Steal their identity....
Click to expand...
pretty much: after finding out a persons login details (using just their surname and TBA number), you can login and see all the details on file for them, address, email, phone numbers, DOB and concession details.

I found the surname/TBA_Number recover password option cause my email address has been wrong in the TBA database the past year or so, so i couldn't request my login details to be sent to my email address (.lnet isnt a valid TLD)

it also meant i haven't received any of the newsletters that is one of the 'benefits' of being a TBA member till last week ;)

(also, i miss nested quotes)

Enf...
 
auenf said:
pretty much: after finding out a persons login details (using just their surname and TBA number), you can login and see all the details on file for them, address, email, phone numbers, DOB and concession details.
...
Click to expand...


Im sorry but I cannot find anywhere on the TBA website that you need to log on
 
You must log in or register to reply here.

Similar threads

Jase
TBA Membership System for 2008
2 3 4
Replies
66
Views
10K
Harmac1
H
S
Time for someone else to step up I have done all I can do. I'm out.
Replies
14
Views
2K
twenban
T
mongoliantreesloth
Security warning
Replies
2
Views
434
rynzeski
R
Graham
TotalBowling Not To Cover Rachuig
2
Replies
30
Views
3K
Pedro
P
L
Australian Youth Team
Replies
2
Views
908
wchester
wchester
Back
Top Bottom